Guidance
Corporate Governance
Financial Reporting Council
September 2014

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

The FRC is responsible for promoting high quality corporate governance and reporting to foster investment. We set the UK Corporate Governance and Stewardship Codes as well as UK standards for accounting, auditing and actuarial work. We represent UK interests in international standard-setting. We also monitor and take action to promote the quality of corporate reporting and auditing. We operate independent disciplinary arrangements for accountants and actuaries; and oversee the regulatory activities of the accountancy and actuarial professional bodies.

The FRC does not accept any liability to any party for any loss, damage or costs howsoever arising, whether directly or indirectly, whether in contract, tort or otherwise from any action or decision taken (or not taken) as a result of any person relying on or otherwise using this document or arising from any omission from it.

© The Financial Reporting Council Limited 2014
The Financial Reporting Council Limited is a company limited by guarantee. Registered in England number 2486368. Registered Office: 8th Floor, 125 London Wall, London EC2Y 5AS

Contents

Section 1: Introduction ..... 1
Section 2: Board Responsibilities ..... 5
Section 3: Exercising Responsibilities ..... 6
Section 4: Establishing the Risk Management and Internal Control Systems ..... 8
Section 5: Monitoring and Review of the Risk Management and Internal Control Systems ..... 10
Section 6: Related Financial and Business Reporting ..... 12
Appendix A: Going Concern Basis of Accounting and Material Uncertainties ..... 16
Appendix B: Longer term Viability Statement ..... 19
Appendix C: Questions for the Board to Consider ..... 21
Appendix D: UK Corporate Governance Code and Other Regulatory Requirements ..... 23

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting (September 2014)

Section 1
Introduction

Applicability

1. This guidance revises, integrates and replaces the current editions of the Financial Reporting Council’s (“FRC”) ‘Internal Control: Revised Guidance for Directors on the Combined Code’ and ‘Going Concern and Liquidity Risk: Guidance for Directors of UK Companies’, and reflects changes made to the UK Corporate Governance Code (“the Code”).

2. It aims to bring together elements of best practice for risk management; prompt boards to consider how to discharge their responsibilities in relation to the existing and emerging principal risks faced by the company; reflect sound business practice, whereby risk management and internal control are embedded in the business process by which a company pursues its objectives; and highlight related reporting responsibilities.

3. While it is hoped that this guidance will be useful to other entities, it is primarily directed to companies subject to the Code.[1] It applies to such companies for accounting periods beginning on or after 1 October 2014.

Background

4. The Code defines the role of the board as being “to provide entrepreneurial leadership of the company within a framework of prudent and effective controls which enables risk to be assessed and managed”. Effective development and delivery of a company’s strategic objectives, its ability to seize new opportunities and to ensure its longer term survival depend upon its identification, understanding of, and response to, the risks it faces.

5. Economic developments and some high profile failures of risk management in recent years have reminded boards of the need to ensure that the company’s approach to risk has been properly considered in setting the company’s strategy and managing its risks. There may be significant consequences if the company does not do so effectively.

6. Good stewardship by the board should not inhibit sensible risk taking that is critical to growth. However, the assessment of risks as part of the normal business planning process should support better decision-taking, ensure that the board and management respond promptly to risks when they arise, and ensure that shareholders and other stakeholders are well informed about the principal risks and prospects of the company.[2] The board’s responsibility for the organisation’s culture is essential to the way in which risk is considered and addressed within the organisation and with external stakeholders.

[1] The UK Corporate Governance Code applies to all companies with a Premium listing of equity shares on the London Stock Exchange regardless of whether they are incorporated in the UK or elsewhere.

[2] Principal risks are defined in the Guidance on the Strategic Report (2014) – see: c-Report.pdf. A principal risk is a risk or combination of risks that can seriously affect the performance, future prospects or reputation of the entity. These should include those risks that would threaten its business model, future performance, solvency or liquidity.

7. The Code was updated in 2010 to make it clear that, in addition to being responsible for ensuring sound risk management and internal control systems, boards should explain the company’s business model and should determine the nature and extent of the principal risks they were willing to take to achieve the company’s strategic objectives.

8. The Code was further updated in 2012 to improve financial and business reporting by making it clear that the board should:

- confirm that the annual report and accounts taken as a whole is fair, balanced and understandable and provides the information necessary for shareholders to assess the company’s position and performance, business model and strategy; and
- establish arrangements that will enable it to make this assessment.

9. In 2011 the FRC published the ‘Boards and Risk’ report, which reflected the views of directors, investors and risk professionals and highlighted that the board’s responsibilities for risk management and internal control are not limited to the oversight of the internal control system.

10. In 2012 the Sharman Inquiry into going concern and liquidity risk concluded that the board’s declaration of whether the company remained a going concern should be more broadly based than is required to determine the accounting approach to be taken.

11. Taken together, the conclusions of the two reports can be summarised as:

- the board must determine its willingness to take on risk, and the desired culture within the company;
- risk management and internal control should be incorporated within the company’s normal management and governance processes, not treated as a separate compliance exercise;
- the board must make a robust assessment of the principal risks to the company’s business model and ability to deliver its strategy, including solvency and liquidity risks. In making that assessment the board should consider the likelihood and impact of these risks materialising in the short and longer term;
- once those risks have been identified, the board should agree how they will be managed and mitigated, and keep the company’s risk profile under review. It should satisfy itself that management’s systems include appropriate controls, and that it has adequate sources of assurance;
- the assessment and management of the principal risks, and monitoring and review of the associated systems, should be carried out as an on-going process, not seen as an annual one-off exercise; and
- this process should inform a number of different disclosures in the annual report: the description of the principal risks and uncertainties facing the company; the disclosures on the going concern basis of accounting and material uncertainties thereto; and the report on the review of the risk management and internal control systems.

12. In April 2014 the FRC also published its ‘Guidance on the Strategic Report’ as best practice.[3] It encourages companies to make the information in annual reports more relevant to shareholders. Recognising that an annual report comprises a number of components, it aims to promote cohesiveness amongst these components, with related information appropriately linked together.

Risk Management and Internal Control

13. The board has ultimate responsibility for risk management and internal control, including for the determination of the nature and extent of the principal risks it is willing to take to achieve its strategic objectives and for ensuring that an appropriate culture has been embedded throughout the organisation. This guidance provides a high-level overview of some of the factors boards should consider in relation to the design, implementation, monitoring and review of the risk management and internal control systems. Such systems cannot eliminate all risks, but it is the role of the board to ensure that they are robust and effective and take account of such risks.

14. Consistent with the amendment to Principle C.2 in the 2014 edition of the Code, this guidance asks boards to determine their “principal” risks, rather than “significant” risks as in earlier Code editions. This decision was taken to align the terminology with the new Strategic Report requirements. The term “principal risk” is defined in the FRC’s ‘Guidance on the Strategic Report’. The FRC considers that in this context the words “principal” and “significant” are interchangeable and that the amendment should not be seen as implying a change in the nature of the risks referred to in Principle C.2.

15. The guidance does not set out in detail the procedure by which a company designs and implements its risk management and internal control systems. Attempting to define a single approach to achieving best practice would be misguided if it led boards to underestimate the crucial importance to high quality risk management of the culture and behaviour they promote.

The Board’s Statements on Longer Term Viability and on the Going Concern Basis of Accounting

16. The Sharman Inquiry concluded that the board’s assessment as to whether a company remains a “going concern” should be more broadly based than is required to determine whether to adopt the going concern basis of accounting in the current financial statements and identify any material uncertainties about the company’s ability to continue to do so in future.

17. The revised Code and this guidance use the term “going concern” only in the context of referring to the going concern basis of accounting for the preparation of financial statements, as defined in accounting standards. This usage is well-established but is different from the ordinary English usage of the term “going concern” to describe an entity that has a viable future.

[3] The Companies Act 2006 requires companies to provide a Strategic Report.

18. In the 2014 edition of the Code, Provision C.1.3 has been revised to require an explicit statement in the financial statements about whether: the going concern basis of accounting has been adopted; and there are any material uncertainties about the company’s ability to continue to do so in future. A new provision (C.2.2) requires a broader statement about the board’s reasonable expectation as to the company’s viability based on a robust assessment of the company’s principal risks and the company’s current position. This guidance addresses each of these statements.

How this Guidance is Structured

19. Sections 2 and 3 of this guidance summarise the board’s responsibilities for risk management and internal control and identify some of the factors boards should consider in order to exercise those responsibilities effectively. Section 4 addresses the establishment of the risk management and internal control systems, Section 5 discusses the monitoring and review of those systems and Section 6 addresses the board’s related financial and business reporting responsibilities.

20. Sections 4, 5 and 6 incorporate the core of the previous ‘Internal Control: Guidance for Directors’. Sections 2 and 3 are new, and are intended to align the scope of the guidance with Principle C.2 on Risk Management and Internal Control and Provision C.1.3 on the going concern basis of accounting, by addressing the full range of the board’s responsibilities for these matters and their inter-relationships.

21. Appendices A and B provide further guidance on adopting the going concern basis of accounting and related disclosures and on the longer term viability statement. In addition, the FRC has issued a separate Supplement for Banks on going concern, which addresses considerations specific to the banking sector, and which should be read in conjunction with this Guidance.

22. Appendix C contains questions that may assist boards in assessing how they are carrying out their responsibilities, the culture of the company, and the effectiveness of the risk management and internal control systems.

23. Appendix D contains an overview of a company’s reporting requirements relating to risk and going concern.

Section 2
Board Responsibilities for Risk Management and Internal Control

24. The board has responsibility for an organisation’s overall approach to risk management and internal control. The board’s responsibilities are:

- ensuring the design and implementation of appropriate risk management and internal control systems that identify the risks facing the company and enable the board to make a robust assessment of the principal risks;
- determining the nature and extent of the principal risks faced and those risks which the organisation is willing to take in achieving its strategic objectives (determining its “risk appetite”);
- ensuring that appropriate culture and reward systems have been embedded throughout the organisation;
- agreeing how the principal risks should be managed or mitigated to reduce the likelihood of their incidence or their impact;
- monitoring and reviewing the risk management and internal control systems, and the management’s process of monitoring and reviewing, and satisfying itself that they are functioning effectively and that corrective action is being taken where necessary; and
- ensuring sound internal and external information and communication processes and taking responsibility for external communication on risk management and internal control.

25. The board’s specific responsibility for determining whether to adopt the going concern basis of accounting and related disclosures of material uncertainties in the financial statements is a subset of these broader responsibilities. A company that is able to adopt the going concern basis of accounting and does not have related material uncertainties to report, for the purposes of the financial statements, is not necessarily free of risks that would threaten the company’s business model, future performance, solvency or liquidity were they to materialise. The board is responsible for ensuring this distinction is understood internally and communicated externally.

26. It is the role of management to implement and take day-to-day responsibility for board policies on risk management and internal control. But the board needs to satisfy itself that management has understood the risks, implemented and monitored appropriate policies and controls, and is providing the board with timely information so that it can discharge its own responsibilities. In turn, management should ensure internal responsibilities and accountabilities are clearly established, understood and embedded at all levels of the organisation. Employees should understand their responsibility for behaving according to the culture.

Section 3
Exercising Responsibilities

27. The board should establish the tone for risk management and internal control and put in place appropriate systems to enable it to meet its responsibilities effectively. These will depend upon factors such as the size and composition of the board; the scale, diversity and complexity of the company’s operations; and the nature of the principal risks the company faces. But in deciding what arrangements are appropriate the board should consider, amongst other things:

- The culture it wishes to embed in the company, and whether this has been achieved.
  As with all aspects of good governance, the effectiveness of risk management and internal control ultimately depends on the individuals responsible for operating the systems that are put in place. In order to ensure the appropriate culture is in place it is not sufficient for the board simply to set the desired values. It also needs to ensure they are communicated by management, incentivise the desired behaviours and sanction inappropriate behaviour, and assess whether the desired values and behaviours have become embedded at all levels.
  This should include consideration of whether the company’s leadership style and management structures, human resource policies and reward systems support or undermine the risk management and internal control systems.

- How to ensure there is adequate discussion at the board.
  The board should agree the frequency and scope of its discussions on strategy, business model and risk; how its assessment of risk is integrated with other matters considered by the board; and how to assess the impact on the company’s risk profile of decisions on changes in strategy, major new projects and other significant commitments. The board needs to ensure that it engages in informed debate and constructive challenge and keeps under review the effectiveness of its decision-making processes.

- The skills, knowledge and experience of the board and management.
  The board should consider whether it, and any committee or management group to which it delegates activities, has the necessary skills, knowledge, experience, authority and support to enable it to assess the risks the company faces and exercise its responsibilities effectively. Boards should consider specifically assessing this as part of their regular evaluations of their effectiveness.

- The flow of information to and from the board, and the quality of that information.
  The board should specify the nature, source, format and frequency of the information that it requires. It should ensure that the assumptions and models underlying this information are clear so that they can be understood and if necessary challenged. Risks can crystallise quickly and the board should ensure that there are clear processes for bringing significant issues to its attention more rapidly when required, and agreed triggers for doing so.
  The board should monitor the quality of the information it receives and ensure that it is of a sufficient quality to allow effective decision-making.

